Upload
vuthien
View
215
Download
1
Embed Size (px)
Citation preview
Independently produced by:
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
Sponsored by:
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
2
CONTENTS Overview ................................................................................................................................................................ 4
Key Findings ........................................................................................................................................................... 5
Recommenda ons ................................................................................................................................................. 6
Passwords: Mobile Users Sacrifice Security for Convenience ................................................................................ 7
Using Mobile Devices to Advance Authen ca on ................................................................................................. 9
Mobile Threats: Inside and Out ........................................................................................................................... 12
Understanding the Consequences ....................................................................................................................... 16
Methodology ........................................................................................................................................................ 18
TABLE OF FIGURES Figure 1: Number of Online Accounts Where the Same Password Is Used, by Mobile OS User ........................... 7
Figure 2: Use of Two‐Factor Authen ca on in Online Accounts, by Mobile OS User ........................................... 9
Figure 3: Biometric Method Preference, by Mobile OS User ............................................................................... 10
Figure 4: Use of Mobile Security Features, by Mobile OS User ........................................................................... 13
Figure 5: Incidence of Iden ty Fraud in Past 12 Months, by Mobile OS User ...................................................... 16
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
3
OVERVIEW Consumers rely on their mobile devices on an ever‐growing basis to keep them connected.
Smartphones and tablets provide them with access to each other through email,
messaging, and social media while also pu ng financial services and shopping in the palm
of their hands. And each and every one of these ac vi es holds value for criminals in search
of account creden als and personally iden fiable informa on (PII) to sell or misuse.
Unfortunately, for all of the poten al that mobile devices represent, the apathy of every
mobile stakeholder is undermining the security of mobile devices and the accounts of their
users. Protec ng Android, iOS, and Windows mobile device users from fraud will require a
concerted effort by all stakeholders to eliminate vulnerabili es, encourage security‐minded
behaviors, and to leverage all the security benefits that mobile devices have to offer.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
4
KEY FINDINGS
Android, iOS, and Windows mobile users are undermining their security by reusing
passwords more o en than the average consumer. These mobile users are about 25%
more likely than all consumers to use the same password to access more than one
online account. This mo vates criminals to target them and their devices to secure
creden als with the expecta on that they will facilitate access to a variety of the
vic m’s valuable accounts and services.
Heavy reliance on one‐ me passwords is placing Android users’ financial accounts at
risk. Forty‐one percent of Android users take advantage of one‐ me passwords (OTPs)
with their financial accounts. The prevalence of mobile malware for Android capable
of intercep ng OTPs sent by text (i.e., Short Message Service or SMS) is contribu ng to
the rate of fraud these users experience.
Mobile users prefer fingerprint authen ca on, which bodes well for Apple and
Samsung. Fingerprint scanning is preferred by Android, iOS, and Windows mobile
users among the prevailing biometric modali es. Recent moves by Apple and Samsung
to expand fingerprint‐based authen ca on is likely to be well‐received and will
subsequently bolster the preference for this modality.
One in five or fewer Android, iOS, or Windows mobile device users are truly
protec ng their data from a physical intrusion. While using a password, or be er yet
a fingerprint, to protect the lock screen can effec vely deter some a empts to
physically access a mobile device, more safeguards are needed to dissuade
professional criminals. Unfortunately the use rates of remote‐wipe so ware and disk
encryp on are dishearteningly low.
Mobile users desperately want to protect their devices from vulnerabili es in
outdated OSs, but updates are not always convenient or available. Upda ng the OS
can be hampered by limited availability from carriers and manufacturers in the case of
Android or because of how an update has the poten al to undermine performance
a er installa on in the case of iOS.
Android and iOS users face a significantly higher rate of fraud than the average
consumer, but the reasons differ. Users in both camps display similarly poor password
and security habits, which are contribu ng to their risk of being vic mized. More
specifically, it is mobile malware that is spurring the fraud experienced by Android
users, while the a rac veness of iOS users’ income has placed them in the crosshairs
of fraudsters.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
5
RECOMMENDATIONS
Use the effec ve authen ca on capabili es of the mobile device. To protect mobile
users and their accounts from the vulnerabili es associated with the use of passwords,
take advantage of hardware integrated into mobile devices to protect all channels.
More secure solu ons, such as those based on biometrics, can be delivered directly to
consumers without the cost of providing addi onal hardware.
Encourage the use of comprehensive security so ware. Comprehensive mobile
security so ware can help prevent a variety of threats. An ‐malware capabili es can
protect users from malicious apps designed to glean account creden als and other
sensi ve PII. Other features can include the ability to remotely wipe the device in the
event of the and no fying the user of any risky connec ons.
Be mindful of how OTPs are being used and sent. One‐ me passwords sent by SMS
are vulnerable to being intercepted and rerouted by mobile malware, while those
delivered through email could also be stolen should the account be compromised.
When using OTPs to protect valuable accounts, such as online banking, avoid sending
OTPs through either of these methods.
Educate consumers about how biometric data is protected and used. Fingerprint
scanning benefits from its long history, including its use by law enforcement and in
commercial applica ons and its popularity in film. Consumer concerns about the
privacy and effec veness of a biometric solu on can be relieved through educa on,
giving other modali es an opportunity to close the gaps in public awareness and
comfort.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
6
PASSWORDS: MOBILE USERS SACRIFICE SECURITY FOR CONVENIENCE Passwords are the typical first line of defense for online accounts, and in some cases they
are the only means by which an account is secured from unauthorized access. Given the
breadth of available apps and services that mobile users have at their finger ps that require
a password, it is unsurprising that convenience has taken a back seat to security. Mobile
users have fallen into the “password trap,” reusing the same passwords for mul ple sites
and services. As a result, they are exposing their online accounts to a greater risk of
compromise and eventual misuse.
Regardless of which major opera ng system is being used, mobile device users are
undercu ng their own security at an alarming rate. More than six out of 10 Android (62%),
iOS (63%), and Windows (61%) mobile device users use the same password for more than a
single online account (see Figure 1). As a result, they are about 25% more likely than all
consumers to reuse a password, which has repercussions for the integrity of their iden es
and the security of their accounts.1
At least 6 in 10 Mobile Consumers Reuse Passwords Across Mul ple Accounts
Figure 1: Number of Online Accounts Where the Same Password Is Used, by Mobile OS User
5%
16%
8%
5%
19%
9%
39%
7%
14%
9%
6%
12%
14%
37%
7%
13%
9%
6%
11%
16%
38%
0% 10% 20% 30% 40%
more than 10
6 to 10
5
4
3
2
1
Android
iOS
Windows
October, 2013, n varies 169 to 2028Base: Consumers owning
online accounts by mobile OS.© 2014 Javelin Strategy & Research
Q61: How many of your online accounts do you use exactly the same password to access? Means number of accounts shown.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
7
Password behaviors born of convenience have already mo vated criminals to breach
password lists, but the behavior of mobile users makes them and their devices more
a rac ve and vulnerable targets. This in turn places the types of services delivered through
mobile devices at substan al risk, including banking, email, online commerce, payments,
and social media. There is a domino effect: As criminals compromise the password of an
account and a empt to access it for immediate financial gain, they may also glean
addi onal bits of personally iden fiable informa on (PII) on a consumer and can
subsequently access other accounts or defraud a user’s contacts.
Passwords are cumbersome to manage, and even more so to enter on the keyboard of a
mobile device. To cope with the difficul es that passwords create, mobile users are
uninten onally undermining their own security. Fortunately there are effec ve alterna ves
that take advantage of the mobile devices themselves to provide ease of use and security
(see Advancing Authen ca on sec on, below). Implemen ng these alterna ves can
protect mobile users and their devices in ways that passwords cannot.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
8
USING MOBILE DEVICES TO ADVANCE AUTHENTICATION The love affair between consumers and their mobile devices is undeniable. But despite the
allure of the latest advancements in mobile technology, consumers are accessing a variety
of apps and online services using outdated authen ca on techniques. Ironically, mobile
devices allow consumers and businesses to realize greater security by reducing the cost,
and increasing the effec veness and prac cality of newer authen ca on technologies. Yet
reaching that poten al will depend greatly on the wherewithal of consumers, along with
how they address implementa on and use challenges.
To address the weakness inherent in tradi onal passwords, many online sites have turned
to one‐ me passwords, but this solu on faces its own set of challenges. Consumers may
suppose that OTPs delivered through mobile devices improve the security of online services
because they have become standard for two‐factor authen ca on. Unfortunately SMS‐
based OTPs are being successfully targeted and compromised by mobile malware (see
Mobile Threats sec on, pg. 12). This represents a significant threat to the integrity of any
consumer’s account that relies on OTPs, but in par cular to the 41% of Android users who
use OTPs to protect their financial accounts (see Figure 2). Greater security can be achieved
by not delivering OTPs through SMS and instead using a dedicated app to circumvent the
threat of malware interdic on.
More Than 4 in 10 Android Users Poten ally Face Fraud Threat From Two‐Factor Authen ca on for Financial Accounts
Figure 2: Use of Two‐Factor Authen ca on in Online Accounts, by Mobile OS User
15%
21%
30%
45%
37%
6%
11%
22%
35%
43%
5%
11%
21%
34%
41%
0% 10% 20% 30% 40% 50%
Business email accounts
Any other personal email accounts
Social media accounts
Primary personal email account
Financial accounts
Android
iOS
Windows
Q66: Are you currently enrolled in two‐factor authentication for any of the following account types?
October, 2013, n varies 171 to 2048Base: Consumers by mobile OS.
© 2014 Javelin Strategy & Research
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
9
As another alterna ve to passwords, biometric authen ca on has immense promise when
delivered through a mobile device. Mobile devices are uniquely suited to facilita ng a wide
variety of biometric solu ons, including facial and voice recogni on, through the use of
their integrated cameras and microphones. In addi on, the two largest mobile device
manufacturers, Apple and Samsung, have both integrated fingerprint‐scanning sensors
within their flagship smartphones. The integra on of all of these hardware capabili es into
ubiquitous mobile devices alleviates two of the most significant impediments to the mass
adop on of biometrics: user convenience and cost to deploy.
Despite the benefits that can be achieved when delivering biometric solu ons through
mobile devices, consumers do not value each modality equally. Indica ve of their long
history and the level of trust bred by familiarity, Android, iOS, and Windows mobile users
most prefer fingerprint scanning (34%, 38%, and 30%, respec vely) (see Figure 3). In
addi on to Samsung’s partnership with PayPal, Apple’s recent announcement of the use of
Touch ID to authen cate mobile wallet transac ons will have a significant effect on this
trend.2 The experience of consumers at the point of sale with this modality will further
bolster trust as fingerprints replace personal iden fica on numbers (PINs) for securing
mobile wallets across a variety of devices over the long term. While fingerprint scanning
has a considerable head start, compe ng modali es have a similar opportunity, but only if
they can breed trust among consumers, especially in how they protect the privacy of
biometric data.3
The Most Established Biometric Technology, Fingerprints, Is Preferred
Figure 3: Biometric Method Preference, by Mobile OS User
Q38: Which of the following biometric methods would you most prefer to use to authenticate your identity online?
August, 2013, n varies 112 to 988Base: Consumers by mobile OS.
© 2014 Javelin Strategy & Research
8%
16%
9%
11%
10%
16%
30%
8%
23%
4%
6%
7%
13%
38%
12%
25%
3%
5%
7%
13%
34%
0% 10% 20% 30% 40%
I would not use any of these methods
I do not have a preferred biometricauthentication method
Palm (including hand geometry and veinanalysis)
Voice
Facial recognition
Eye (including iris, vein mapping andretina)
Fingerprint
Percentage of consumers
Android
iOS
Windows
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
10
Mobile devices have changed the way that consumers communicate and interact with
businesses, yet all too o en these rela onships are predicated on both par es’ trust in
rudimentary security measures. Fortunately, consumers and businesses can both derive
significant security benefits from the inherent and growing capabili es of these devices. By
rendering passwords obsolete, apps and online services will be less prone to fraud, no
longer to be compromised by criminals with breached creden als in hand.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
11
MOBILE THREATS: INSIDE AND OUT Mobile devices can conveniently deliver a variety of services directly to the hands of
consumers, just as they can provide another convenient avenue by which criminals can get
their hands on valuable data. Highly sought‐a er for the commission of fraud, sensi ve PII
and account creden als are both stored in and transmi ed through smartphones and
tablets, as consumers use these devices for financial services, m‐commerce, and social
media. Unfortunately, the mobile security habits of these same consumers can allow
criminals direct access to the contents of these devices, placing the integrity of consumer
accounts and iden es at risk.
Consumers face threats to the security of their devices from the digital and physical worlds.
While there are some immensely pervasive threats, including malicious Wi‐Fi hotspots,
mobile malware, and physical intrusions, the security habits of consumers can drama cally
compound the damage done when a criminal uses one of these threat vectors to
compromise mobile users or their devices.
Threat: Malicious or Unsecured Wi‐Fi Hotspots Malicious hotspots masquerading as legi mate access points provided to customers at
loca ons such as hotels or coffee shops are designed to intercept the transmissions of
connected devices. Even benign hotspots can be nearly as dangerous if le unsecured.
Consumers using smartphones and tablets connected to these hotspots may have any
unencrypted data intercepted, including account creden als and other PII. Even in those
instances where the app or online services in use appear to be encrypted, vulnerabili es
may s ll exist in the implementa on of the encryp on, exposing data to the and misuse.
Compounding Behavior: Consumers using Android, iOS, and Windows mobile devices all display a similar disposi on
to reusing passwords across mul ple online accounts (see Password sec on, pg. 6). As a
result, using a malicious or unsecured hotspot with a mobile device could expose one or
more passwords to the , poten ally facilita ng unauthorized access to a mul tude of
accounts and services.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
12
Threat: Mobile Malware Millions of instances of malware and high‐risk apps specifically geared toward mobile
devices are being delivered under the guise of legi mate apps, through compromised
websites, or through email.4 Besides being able to access a device’s internal storage, some
mobile malware (such as the Bugat trojan or the mobile variant of the formidable Zeus
trojan called ZitMo) can capture and redirect SMS texts, allowing criminals to circumvent
authen ca on schemes that rely on this channel to deliver one‐ me passwords.5,6,7
Compounding Behavior: Older versions of mobile opera ng systems o en contain vulnerabili es that can be used
by malware, but fortunately 71% of Android, 75% of iOS, and 68% of Windows mobile
device users update their devices’ OS when one is available (see Figure 4). Android owners
can be le in the lurch, though: Whether to make an update available for a par cular
device is o en up to manufacturers and carriers, not Google. iOS users are somewhat
be er off, yet updates are notorious for draining the ba ery of older devices, and that
might discourage the prac ce.8
Android, iOS, and Windows Mobile Device Users Display Similar Security Habits, With a Few Notable Differences
Figure 4: Use of Mobile Security Features, by Mobile OS User
October, 2013, n varies 171 to 2048Base: Consumers by mobile OS.
© 2014 Javelin Strategy & Research
15%
21%
20%
17%
39%
31%
43%
53%
68%
11%
18%
12%
20%
34%
36%
34%
58%
75%
11%
14%
14%
17%
33%
34%
42%
49%
71%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Own a service that allows you to encrypt the data onyour mobile device
Download new apps which do not have many reviews
Download apps from sites other than your OS's officialapp store
Own software or a service that allows you to remotelywipe your device
Change your password regularly
Save login info for apps or websites
Use antivirus software
Use a password
Update your OS as soon as updates become available
Percentage of consumers
Android
iOS
Windows
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
13
Unofficial app stores do not have controls as comprehensive as those of Apple, Google, or
Microso . The result is that malicious apps are more likely to appear in unofficial stores,
and the Android (14%), iOS (12%), and Windows (20%) mobile device users who are using
these stores to download unofficial apps — including rogue banking apps — may each be
inadvertently placing their creden als directly into the hands of criminals as a result (see
Figure 4).
Security so ware with an virus and an ‐malware capabili es is an effec ve hedge against
mobile device infec on, yet fewer than half of Android, iOS, and Windows mobile device
users (see Figure 4) are taking advantage. The iOS user responses are not completely
telling, though, because iOS sandboxing renders the an ‐malware capability of security
apps largely ineffec ve, even though iOS users who choose to download third‐party apps
run the risk of infec on.9 Security apps can include a number of other func ons, though,
including the ability to iden fy unsecured connec ons.10
Threat: Physical Intrusion Mobile devices are under a ack not only through their wireless connec ons; they also
make temp ng targets for criminals in the physical world. The pe y the of smartphones
has placed major ci es’ crime rates under significant pressure, forcing calls for device
manufacturers to integrate a kill switch to render them useless in the case of the . –
California recently ins tuted just such a law.11 Consumers’ mobile devices may also prove
hard for certain personal acquaintances to ignore; familiar fraud12 could occur when a
mobile device is unknowingly used by a friend or family member to access financial
services, m‐commerce, or mobile wallet func ons.
Compounding Behavior: Making a mobile device inaccessible can dissuade a dishonest acquaintance from even
a emp ng to access it in the first place. iOS users are the most likely to protect their device
with some sort of password (58%), and their lock screen can be further secured by using
Touch ID if they have a compa ble device (see Figure 4). While some Samsung devices offer
the same convenience, the remainder or mobile devices must rely on more pedestrian
means of securing the lock screen. And for consumers without a fingerprint scanner who
choose to rely on passwords instead, they can s ll be vic mized by an acquaintance if they
are able to glean or guess the password. This makes upda ng passwords regularly an
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
14
important prac ce, but only about one‐third of Android, iOS, and Windows mobile device
users update them regularly, (see Figure 4).
Securing the lock screen of a mobile device may prove to be less of an impediment to
professional thieves who are intent on gaining access to the PII contained therein. In these
instances, solu ons that render the mobile device una ainable or unusable are more
effec ve. Yet among all the security habits examined, these solu ons are some of the least
used: Remote‐wipe so ware is used by 17% of Android, 20% of iOS, and 17% of Windows
mobile device users, and disk encryp on is used by 11% of Android, 11% of iOS, and 15% of
Windows mobile device users (see Figure 4).
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
15
Ul mately, the mul tude of threats facing mobile devices and the habits of their users are
conspiring to create an environment where fraud can flourish. Not every device owner
experiences fraud at similar rates, though (see Figure 5):
Among Windows mobile device users, 4.8% experienced iden ty fraud in 2013, which
is 10% below the rate at which all consumers were vic mized (5.4%).13 This can
par ally be a ributed to the smaller share of the mobile device market they
represent, which makes them less a rac ve targets, but could also be the result of
other factors such as the use of non‐SMS‐based two‐factor authen ca on common to
Microso services, such as Outlook (see Mobile Authen ca on sec on, pg. 8).
Android users face the most serious threat from malware and are placing their
financial accounts at risk when relying on SMS‐based OTPs for authen ca on (see
Mobile Authen ca on sec on, pg. 8), both of which contribute to a rate of iden ty
fraud that is 31% higher than what all consumers experienced last year (7.1% vs. 5.4%,
respec vely).
Despite owning devices far less prone to malware infec on than Android, 7.3% of iOS
users experience iden ty fraud that is 36% higher than average (5.4%). This is because
of their substan al market share, which makes them higher profile targets, the use of
Apple services, which rely heavily on a single set of creden als, and users that have
higher‐than‐average incomes, which make them more a rac ve to fraudsters.14
Android and iOS Users Experience a Rela vely High Rate of Iden ty Fraud
Figure 5: Incidence of Iden ty Fraud in Past 12 Months, by Mobile OS User
7.1% 7.3%
4.8%
0%
1%
2%
3%
4%
5%
6%
7%
8%
9%
10%
Android iOS Windows
Fraud inciden
ce rate
Q5. In what month and year did you DISCOVER that your personal or financial information had been misused? In the past 12 months
October, 2013, n varies 171 to 2048Base: Consumers by mobile OS.
© 2014 Javelin Strategy & Research
UNDERSTANDING THE CONSEQUENCES
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
16
Facing significantly higher rates of fraud, Android and iOS users alike must improve their
security posture if they are to have any hope of reversing this trend. While users can be
encouraged to change their behaviors, some improvements can only be achieved in concert
with the efforts of carriers, device manufacturers, and the businesses that use the mobile
channel to reach their customers. Every stakeholder shares in the responsibility for the
success — or failure — of protec ng mobile devices and their users from fraud.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
17
METHODOLOGY
2013 Iden ty Fraud Survey Data Collec on Javelin’s ID Fraud survey was historically fielded as a landline survey using computer‐
assisted telephone interviewing (CATI). At the me of the survey’s incep on in 2003,
landlines provided a rela vely comprehensive coverage of the U.S. popula on. However,
with the advent of me and technology, landline coverage has been shrinking — thus the ID
Fraud survey has had increasingly less penetra on into the younger, more mobile
popula on. Cognizant of this shi , in 2011 Javelin fielded the ID Fraud survey through the
KnowledgePanel®. Javelin con nued to use KnowledgePanel for our 2013 ID fraud survey in
order to obtain the most representa ve sample of U.S. adults.
KnowledgePanel is the only probability‐based online panel in the U.S. Through mail, the
panel recruits households with no access to Internet (at the me of recruitment) as well as
cell phone‐only households. The panel offers a mix of RDD‐based recruitment (1999–
present) and address‐based sampling (introduced in 2008 and rolled out in full in 2009).
The 2013 ID Fraud survey was conducted among 5,634 U.S. adults over age 18 on
KnowledgePanel; this sample is representa ve of the U.S. census demographics
distribu on, recruited from the Knowledge Networks panel. Data collec on took place from
Oct. 9 to Oct. 30, 2013. Final data was weighted by Knowledge Networks, while Javelin was
responsible for data cleaning, processing, and repor ng. Data is weighted using 18+ U.S.
Popula on Benchmarks on age, gender, race/ethnicity, educa on, census region, and
metropolitan status from the most current CPS targets.
Margin of Error For ques ons answered by all 5,634 respondents, the maximum margin of sampling error is
+/‐ 1.31 percentage points at the 95% confidence level. For ques ons answered by all 936
iden ty fraud vic ms, the maximum margin of sampling error is +/‐ 3.20 percentage points
at the 95% confidence level.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
18
ENDNOTES 1 2014 Iden ty Fraud Report: Card Data Breaches and Inadequate Consumer Password Habits Fuel Disturbing Fraud Trends, Javelin Strategy & Research, February 2014.
2 h ps://www.apple.com/iphone‐6/touch‐id/, accessed Aug. 19, 2014.
3 Biometrics in Banking and Payments: Versa le Voice Faces an Apple‐Led Fingerprint Revolu on, Javelin Strategy & Research, January 2014.
4 h p://www.scmagazine.com/new‐drive‐by‐download‐android‐malware‐discovered‐by‐researchers/ar cle/334475/, accessed Sept. 7, 2014.
5 h p://blog.trendmicro.com/trendlabs‐security‐intelligence/mobile‐malware‐and‐high‐risk‐apps‐reach‐2m‐mark‐go‐for‐firsts/, accessed Sept. 7, 2014.
6 h p://www.americanbanker.com/issues/178_111/new‐breed‐of‐banking‐malware‐hijacks‐text‐messages‐1059745‐1.html, accessed Sept. 7, 2014.
7 h p://www.informa onweek.com/mobile/zeus‐banking‐trojan‐hits‐android‐phones/d/d‐id/1098909?, accessed Sept. 19, 2014.
8 h p://www.entrepreneur.com/ar cle/232335, accessed Sept. 7, 2014.
9 h p://nakedsecurity.sophos.com/2014/08/22/apple‐ios‐malware‐gets‐onto‐75000‐iphones‐steals‐ad‐clicks/, accessed Sept. 7, 2014.
10 h p://www.eweek.com/c/a/Security/10‐iOS‐Security‐Apps‐to‐Protect‐Your‐iPhone‐iPad‐from‐Hackers‐492794/, accessed Sept. 7, 2014.
11 h p://bits.blogs.ny mes.com/2014/08/25/california‐governor‐signs‐law‐requiring‐a‐kill‐switch‐on‐smartphones/?_php=true&_type=blogs&_r=0, accessed Sept. 7, 2014.
12 Familiar fraud is the commission of iden ty fraud by someone personally known to the vic m.
13 2014 Iden ty Fraud Report: Card Data Breaches and Inadequate Consumer Password Habits Fuel Disturbing Fraud Trends, Javelin Strategy & Research, February 2014.
14 2012 Mobile Security: Android and iPhone Are A rac ve Fraud Targets in $20B Mobile Payments Market, Javelin Strategy & Research, November 2012.
SMARTPHONES, TABLETS, AND FRAUD: When Apathy Meets Security
19
ABOUT JAVELIN Javelin Strategy & Research, a division of Greenwich Associates, provides strategic insights
into customer transac ons, increasing sustainable profits and crea ng efficiencies for
financial ins tu ons, government agencies, payments companies, merchants, and other
technology providers. Javelin’s independent insights result from a uniquely rigorous three‐
dimensional research process that assesses customers, providers, and the transac ons
ecosystem.
Authors: Al Pascual, Senior Analyst, Fraud & Security
Publica on Date: September 2014
Editor Chuck Ervin
This white paper was sponsored by Nok Nok Labs. The white paper was independently
produced by Javelin Strategy & Research, a Greenwich Associates LLC company. Javelin
maintains complete independence in its data collec on, findings, and analysis.